This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/be1a25-5855-4aec-8e18-bbfd45c84bea/1/YwlkzOh40N4SzqCHKWcC97MEiGo.roa
File:                     YwlkzOh40N4SzqCHKWcC97MEiGo.roa (raw, json)
Hash identifier:          1LCHJNlMLpepR4sv2pj3j5D9S9GvMti3zGg5V/TMwP8=
Subject key identifier:   63:09:64:CC:E8:78:D0:DE:12:CE:A0:87:29:67:02:F7:B3:04:88:6A
Certificate issuer:       /CN=66f8206e3311df394f48389b8122b94aa1f0b05c
Certificate serial:       019B76EABFD964F7956752838010DC933DE5
Authority key identifier: 66:F8:20:6E:33:11:DF:39:4F:48:38:9B:81:22:B9:4A:A1:F0:B0:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZvggbjMR3zlPSDibgSK5SqHwsFw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/be1a25-5855-4aec-8e18-bbfd45c84bea/1/YwlkzOh40N4SzqCHKWcC97MEiGo.roa
Signing time:             Thu 01 Jan 2026 00:17:34 +0000
ROA not before:           Thu 01 Jan 2026 00:17:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215481
IP address blocks:        185.229.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/be1a25-5855-4aec-8e18-bbfd45c84bea/1/ZvggbjMR3zlPSDibgSK5SqHwsFw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/be1a25-5855-4aec-8e18-bbfd45c84bea/1/ZvggbjMR3zlPSDibgSK5SqHwsFw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZvggbjMR3zlPSDibgSK5SqHwsFw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 19 Jan 2026 05:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:ea:bf:d9:64:f7:95:67:52:83:80:10:dc:93:3d:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66f8206e3311df394f48389b8122b94aa1f0b05c
        Validity
            Not Before: Jan  1 00:17:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=630964cce878d0de12cea087296702f7b304886a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:3a:fd:2b:bd:f9:95:fb:f4:b1:ed:12:9f:76:
                    e4:77:d5:a3:f5:c7:0e:90:0a:a4:a7:c3:29:1d:6d:
                    89:d7:f5:fe:a0:6e:4c:f2:51:36:8f:bd:ed:98:b4:
                    7e:52:09:fd:53:cf:ee:4d:ca:5d:bb:f2:58:50:d6:
                    f6:d2:de:77:20:a7:cb:a1:c5:55:00:9a:9b:c2:c1:
                    72:e3:b0:fd:da:4d:13:9c:81:54:4c:00:b2:36:ad:
                    66:77:e6:e4:0a:ab:5f:38:e7:3f:52:24:27:6d:8d:
                    8f:7f:86:f5:6c:32:33:c7:c4:40:b3:00:ee:a2:e7:
                    90:0f:53:70:b0:ba:71:64:3d:70:2a:62:6d:64:e1:
                    01:24:c3:4d:28:f8:a9:b2:44:bb:e6:4f:bc:2c:94:
                    c9:0c:89:77:0c:68:65:16:41:ce:74:50:c7:45:8e:
                    19:f9:88:80:b5:d4:1a:18:a8:0d:58:e5:ea:53:df:
                    8f:c5:38:66:d3:8b:62:53:af:0b:24:8d:c5:61:88:
                    de:5c:d4:21:5d:2f:76:ff:4d:87:a6:4a:c5:4f:d2:
                    68:6a:aa:87:bf:f3:1f:7e:8e:af:a2:cf:7d:1e:58:
                    bd:57:30:95:bb:8a:30:be:6e:6b:0b:75:fe:51:ba:
                    fe:83:4f:d1:76:a3:72:bc:a2:36:c4:bc:8c:77:9d:
                    69:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:09:64:CC:E8:78:D0:DE:12:CE:A0:87:29:67:02:F7:B3:04:88:6A
            X509v3 Authority Key Identifier:
                keyid:66:F8:20:6E:33:11:DF:39:4F:48:38:9B:81:22:B9:4A:A1:F0:B0:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZvggbjMR3zlPSDibgSK5SqHwsFw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/be1a25-5855-4aec-8e18-bbfd45c84bea/1/YwlkzOh40N4SzqCHKWcC97MEiGo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/be1a25-5855-4aec-8e18-bbfd45c84bea/1/ZvggbjMR3zlPSDibgSK5SqHwsFw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.229.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:f3:85:16:8c:0f:e0:a7:e4:6a:05:14:73:75:5c:b0:c2:ff:
         0f:8f:c7:d4:5e:16:86:34:28:a9:de:d5:2f:e2:fa:e6:94:1a:
         66:61:df:cc:d0:8d:14:f4:4c:86:18:9b:d1:51:38:92:e2:75:
         cd:0c:3d:3c:04:24:42:78:c2:52:3c:e5:f7:18:1d:58:39:1a:
         73:c5:c1:61:6d:c1:ea:49:48:cc:79:dd:e4:d6:87:26:cc:b3:
         32:13:8d:87:ed:eb:83:43:67:25:48:de:7f:13:65:ff:94:6c:
         11:63:1b:73:f6:b0:26:42:11:dd:60:f0:e0:eb:00:2e:6c:56:
         94:be:94:dd:c3:8f:68:e5:6f:a2:0a:e2:f8:98:93:ae:ad:18:
         0a:77:6d:3c:b3:d5:17:d5:d0:dc:4d:ee:d8:cf:c9:75:63:8d:
         fd:c7:f1:53:15:1b:19:fb:e6:93:3d:5a:2d:24:26:c2:68:89:
         80:3c:08:bf:a8:a0:d7:27:52:48:56:5e:e9:70:5e:6e:54:04:
         e0:d0:66:03:fa:b4:35:6e:88:83:ec:80:60:5c:7b:49:df:42:
         5d:b1:ec:36:07:dd:84:11:4f:04:78:dc:88:10:a4:da:18:ff:
         59:b9:7e:f4:1f:63:9e:d7:1b:bd:ab:74:ed:3e:66:57:74:18:
         bf:fc:7f:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26r/ZZPeVZ1KDgBDckz3lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZjgyMDZlMzMxMWRmMzk0ZjQ4Mzg5YjgxMjJiOTRhYTFm
MGIwNWMwHhcNMjYwMTAxMDAxNzM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzA5NjRjY2U4NzhkMGRlMTJjZWEwODcyOTY3MDJmN2IzMDQ4ODZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtjr9K735lfv0se0Sn3bkd9Wj9ccO
kAqkp8MpHW2J1/X+oG5M8lE2j73tmLR+Ugn9U8/uTcpdu/JYUNb20t53IKfLocVV
AJqbwsFy47D92k0TnIFUTACyNq1md+bkCqtfOOc/UiQnbY2Pf4b1bDIzx8RAswDu
oueQD1NwsLpxZD1wKmJtZOEBJMNNKPipskS75k+8LJTJDIl3DGhlFkHOdFDHRY4Z
+YiAtdQaGKgNWOXqU9+PxThm04tiU68LJI3FYYjeXNQhXS92/02HpkrFT9JoaqqH
v/Mffo6vos99Hli9VzCVu4owvm5rC3X+Ubr+g0/RdqNyvKI2xLyMd51pBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGMJZMzoeNDeEs6ghylnAvezBIhqMB8GA1UdIwQY
MBaAFGb4IG4zEd85T0g4m4EiuUqh8LBcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnZnZ2JqTVIzemxQU0RpYmdTSzVTcUh3c0Z3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC9iZTFhMjUtNTg1NS00YWVjLThlMTgt
YmJmZDQ1Yzg0YmVhLzEvWXdsa3pPaDQwTjRTenFDSEtXY0M5N01FaUdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC9iZTFhMjUtNTg1NS00YWVjLThlMTgtYmJmZDQ1Yzg0YmVh
LzEvWnZnZ2JqTVIzemxQU0RpYmdTSzVTcUh3c0Z3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueUjMA0G
CSqGSIb3DQEBCwUAA4IBAQBW84UWjA/gp+RqBRRzdVywwv8Pj8fUXhaGNCip3tUv
4vrmlBpmYd/M0I0U9EyGGJvRUTiS4nXNDD08BCRCeMJSPOX3GB1YORpzxcFhbcHq
SUjMed3k1ocmzLMyE42H7euDQ2clSN5/E2X/lGwRYxtz9rAmQhHdYPDg6wAubFaU
vpTdw49o5W+iCuL4mJOurRgKd208s9UX1dDcTe7Yz8l1Y439x/FTFRsZ++aTPVot
JCbCaImAPAi/qKDXJ1JIVl7pcF5uVATg0GYD+rQ1boiD7IBgXHtJ30Jdsew2B92E
EU8EeNyIEKTaGP9ZuX70H2Oe1xu9q3TtPmZXdBi//H8x
-----END CERTIFICATE-----